kolide · James-Pickett · Sep 13, 2024 · Sep 13, 2024 · Sep 17, 2024 · Sep 18, 2024
diff --git a/cmd/launcher/desktop.go b/cmd/launcher/desktop.go
@@ -130,7 +130,9 @@ func runDesktop(_ *multislogger.MultiSlogger, args []string) error {
 	}, func(error) {})
 
 	shutdownChan := make(chan struct{})
-	server, err := userserver.New(slogger, *flUserServerAuthToken, *flUserServerSocketPath, shutdownChan, notifier)
+	showDesktopChan := make(chan struct{})
+
+	server, err := userserver.New(slogger, *flUserServerAuthToken, *flUserServerSocketPath, shutdownChan, showDesktopChan, notifier)
 	if err != nil {
 		return err
 	}
@@ -182,9 +184,10 @@ func runDesktop(_ *multislogger.MultiSlogger, args []string) error {
 		}
 	}()
 
+	// block until a send on showDesktopChan
+	<-showDesktopChan
 	// blocks until shutdown called
 	m.Init()
-
 	return nil
 }
 

diff --git a/cmd/launcher/detect_presence.go b/cmd/launcher/detect_presence.go
@@ -0,0 +1,48 @@
+package main
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"os"
+	"runtime"
+
+	"github.com/kolide/launcher/ee/presencedetection"
+	"github.com/kolide/launcher/pkg/log/multislogger"
+)
+
+func runDetectPresence(_ *multislogger.MultiSlogger, args []string) error {
+	reason := ""
+
+	if len(args) != 0 {
+		reason = args[0]
+	}
+
+	if reason == "" && runtime.GOOS == "darwin" {
+		return errors.New("reason is required on darwin")
+	}
+
+	success, err := presencedetection.Detect(reason)
+	response := presencedetection.PresenceDetectionResponse{
+		Success: success,
+	}
+	if err != nil {
+		response.Error = err.Error()
+	}
+
+	// serialize response to JSON
+	responseJSON, err := json.Marshal(response)
+	if err != nil {
+		return err
+	}
+
+	// b64 enode response
+	responseB64 := base64.StdEncoding.EncodeToString(responseJSON)
+
+	// write response to stdout
+	if _, err := os.Stdout.Write([]byte(responseB64)); err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/cmd/launcher/main.go b/cmd/launcher/main.go
@@ -196,6 +196,8 @@ func runSubcommands(systemMultiSlogger *multislogger.MultiSlogger) error {
 		run = runSecureEnclave
 	case "watchdog": // note: this is currently only implemented for windows
 		run = watchdog.RunWatchdogService
+	case "detect-presence":
+		run = runDetectPresence
 	default:
 		return fmt.Errorf("unknown subcommand %s", os.Args[1])
 	}

diff --git a/ee/desktop/runner/runner.go b/ee/desktop/runner/runner.go
@@ -118,9 +118,6 @@ type DesktopUsersProcessesRunner struct {
 	// usersFilesRoot is the launcher root dir with will be the parent dir
 	// for kolide desktop files on a per user basis
 	usersFilesRoot string
-	// processSpawningEnabled controls whether or not desktop user processes are automatically spawned
-	// This effectively represents whether or not the launcher desktop GUI is enabled or not
-	processSpawningEnabled bool
 	// knapsack is the almighty sack of knaps
 	knapsack types.Knapsack
 	// runnerServer is a local server that desktop processes call to monitor parent
@@ -155,17 +152,16 @@ func (pr processRecord) String() string {
 // New creates and returns a new DesktopUsersProcessesRunner runner and initializes all required fields
 func New(k types.Knapsack, messenger runnerserver.Messenger, opts ...desktopUsersProcessesRunnerOption) (*DesktopUsersProcessesRunner, error) {
 	runner := &DesktopUsersProcessesRunner{
-		interrupt:              make(chan struct{}),
-		uidProcs:               make(map[string]processRecord),
-		updateInterval:         k.DesktopUpdateInterval(),
-		menuRefreshInterval:    k.DesktopMenuRefreshInterval(),
-		procsWg:                &sync.WaitGroup{},
-		interruptTimeout:       time.Second * 5,
-		hostname:               k.KolideServerURL(),
-		usersFilesRoot:         agent.TempPath("kolide-desktop"),
-		processSpawningEnabled: k.DesktopEnabled(),
-		knapsack:               k,
-		cachedMenuData:         newMenuItemCache(),
+		interrupt:           make(chan struct{}),
+		uidProcs:            make(map[string]processRecord),
+		updateInterval:      k.DesktopUpdateInterval(),
+		menuRefreshInterval: k.DesktopMenuRefreshInterval(),
+		procsWg:             &sync.WaitGroup{},
+		interruptTimeout:    time.Second * 5,
+		hostname:            k.KolideServerURL(),
+		usersFilesRoot:      agent.TempPath("kolide-desktop"),
+		knapsack:            k,
+		cachedMenuData:      newMenuItemCache(),
 	}
 
 	runner.slogger = k.Slogger().With("component", "desktop_runner")
@@ -452,12 +448,35 @@ func (r *DesktopUsersProcessesRunner) Update(data io.Reader) error {
 }
 
 func (r *DesktopUsersProcessesRunner) FlagsChanged(flagKeys ...keys.FlagKey) {
-	if slices.Contains(flagKeys, keys.DesktopEnabled) {
-		r.processSpawningEnabled = r.knapsack.DesktopEnabled()
-		r.slogger.Log(context.TODO(), slog.LevelDebug,
-			"runner processSpawningEnabled set by control server",
-			"process_spawning_enabled", r.processSpawningEnabled,
-		)
+	if !slices.Contains(flagKeys, keys.DesktopEnabled) {
+		return
+	}
+
+	r.slogger.Log(context.TODO(), slog.LevelDebug,
+		"desktop enabled set by control server",
+		"process_spawning_enabled", r.knapsack.DesktopEnabled(),
+	)
+
+	if !r.knapsack.DesktopEnabled() {
+		// there is no way to "hide" the menu, so we will just kill any existing processes
+		// they will respawn in "silent" mode
+		r.killDesktopProcesses(context.TODO())
+		return
+	}
+
+	// DesktopEnabled() == true
+	// Tell any running desktop user processes that they should show the menu
+	for uid, proc := range r.uidProcs {
+		client := client.New(r.userServerAuthToken, proc.socketPath)
+		if err := client.ShowDesktop(); err != nil {
+			r.slogger.Log(context.TODO(), slog.LevelError,
+				"sending refresh command to user desktop process",
+				"uid", uid,
+				"pid", proc.Process.Pid,
+				"path", proc.path,
+				"err", err,
+			)
+		}
 	}
 }
 
@@ -483,6 +502,10 @@ func (r *DesktopUsersProcessesRunner) writeSharedFile(path string, data []byte)
 
 // refreshMenu updates the menu file and tells desktop processes to refresh their menus
 func (r *DesktopUsersProcessesRunner) refreshMenu() {
+	if !r.knapsack.DesktopEnabled() {
+		return
+	}
+
 	if err := r.generateMenuFile(); err != nil {
 		if r.knapsack.DebugServerData() {
 			r.slogger.Log(context.TODO(), slog.LevelError,
@@ -502,8 +525,18 @@ func (r *DesktopUsersProcessesRunner) refreshMenu() {
 	// Tell any running desktop user processes that they should refresh the latest menu data
 	for uid, proc := range r.uidProcs {
 		client := client.New(r.userServerAuthToken, proc.socketPath)
-		if err := client.Refresh(); err != nil {
 
+		if err := client.ShowDesktop(); err != nil {
+			r.slogger.Log(context.TODO(), slog.LevelError,
+				"sending refresh command to user desktop process",
+				"uid", uid,
+				"pid", proc.Process.Pid,
+				"path", proc.path,
+				"err", err,
+			)
+		}
+
+		if err := client.Refresh(); err != nil {
 			r.slogger.Log(context.TODO(), slog.LevelError,
 				"sending refresh command to user desktop process",
 				"uid", uid,
@@ -601,12 +634,6 @@ func (r *DesktopUsersProcessesRunner) runConsoleUserDesktop() error {
 		return nil
 	}
 
-	if !r.processSpawningEnabled {
-		// Desktop is disabled, kill any existing desktop user processes
-		r.killDesktopProcesses(context.Background())
-		return nil
-	}
-
 	executablePath, err := r.determineExecutablePath()
 	if err != nil {
 		return fmt.Errorf("determining executable path: %w", err)

diff --git a/ee/desktop/user/client/client.go b/ee/desktop/user/client/client.go
@@ -55,6 +55,10 @@ func (c *client) Refresh() error {
 	return c.get("refresh")
 }
 
+func (c *client) ShowDesktop() error {
+	return c.get("show")
+}
+
 func (c *client) Notify(n notify.Notification) error {
 	notificationToSend := notify.Notification{
 		Title:     n.Title,

diff --git a/ee/desktop/user/client/client_test.go b/ee/desktop/user/client/client_test.go
@@ -42,7 +42,7 @@ func TestClient_GetAndShutdown(t *testing.T) {
 
 			socketPath := testSocketPath(t)
 			shutdownChan := make(chan struct{})
-			server, err := server.New(multislogger.NewNopLogger(), validAuthToken, socketPath, shutdownChan, nil)
+			server, err := server.New(multislogger.NewNopLogger(), validAuthToken, socketPath, shutdownChan, make(chan<- struct{}), nil)
 			require.NoError(t, err)
 
 			go func() {

diff --git a/ee/desktop/user/server/server.go b/ee/desktop/user/server/server.go
@@ -13,6 +13,7 @@ import (
 	"os"
 	"runtime"
 	"strings"
+	"sync"
 	"time"
 
 	"github.com/kolide/launcher/ee/desktop/user/notify"
@@ -30,26 +31,34 @@ type UserServer struct {
 	server           *http.Server
 	listener         net.Listener
 	shutdownChan     chan<- struct{}
+	showDesktopChan  chan<- struct{}
 	authToken        string
 	socketPath       string
 	notifier         notificationSender
 	refreshListeners []func()
 }
 
-func New(slogger *slog.Logger, authToken string, socketPath string, shutdownChan chan<- struct{}, notifier notificationSender) (*UserServer, error) {
+func New(slogger *slog.Logger,
+	authToken string,
+	socketPath string,
+	shutdownChan chan<- struct{},
+	showDesktopChan chan<- struct{},
+	notifier notificationSender) (*UserServer, error) {
 	userServer := &UserServer{
-		shutdownChan: shutdownChan,
-		authToken:    authToken,
-		slogger:      slogger.With("component", "desktop_server"),
-		socketPath:   socketPath,
-		notifier:     notifier,
+		shutdownChan:    shutdownChan,
+		showDesktopChan: showDesktopChan,
+		authToken:       authToken,
+		slogger:         slogger.With("component", "desktop_server"),
+		socketPath:      socketPath,
+		notifier:        notifier,
 	}
 
 	authedMux := http.NewServeMux()
 	authedMux.HandleFunc("/shutdown", userServer.shutdownHandler)
 	authedMux.HandleFunc("/ping", userServer.pingHandler)
 	authedMux.HandleFunc("/notification", userServer.notificationHandler)
 	authedMux.HandleFunc("/refresh", userServer.refreshHandler)
+	authedMux.HandleFunc("/show", userServer.showDesktop)
 
 	userServer.server = &http.Server{
 		Handler: userServer.authMiddleware(authedMux),
@@ -152,6 +161,15 @@ func (s *UserServer) notificationHandler(w http.ResponseWriter, req *http.Reques
 	w.WriteHeader(http.StatusOK)
 }
 
+func (s *UserServer) showDesktop(w http.ResponseWriter, req *http.Request) {
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(http.StatusOK)
+
+	sync.OnceFunc(func() {
+		s.showDesktopChan <- struct{}{}
+	})()
+}
+
 func (s *UserServer) refreshHandler(w http.ResponseWriter, req *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)

diff --git a/ee/desktop/user/server/server_test.go b/ee/desktop/user/server/server_test.go
@@ -121,7 +121,7 @@ func testServer(t *testing.T, authHeader, socketPath string, logBytes *bytes.Buf
 		Level:     slog.LevelDebug,
 	}))
 
-	server, err := New(slogger, authHeader, socketPath, shutdownChan, nil)
+	server, err := New(slogger, authHeader, socketPath, shutdownChan, make(chan<- struct{}), nil)
 	require.NoError(t, err)
 	return server, shutdownChan
 }

diff --git a/ee/localserver/krypto-ec-middleware.go b/ee/localserver/krypto-ec-middleware.go
@@ -25,15 +25,17 @@ import (
 )
 
 const (
-	timestampValidityRange             = 150
-	kolideKryptoEccHeader20230130Value = "2023-01-30"
-	kolideKryptoHeaderKey              = "X-Kolide-Krypto"
-	kolideSessionIdHeaderKey           = "X-Kolide-Session"
+	timestampValidityRange                    = 150
+	kolideKryptoEccHeader20230130Value        = "2023-01-30"
+	kolideKryptoHeaderKey                     = "X-Kolide-Krypto"
+	kolideSessionIdHeaderKey                  = "X-Kolide-Session"
+	kolidePresenceDetectionIntervalSecondsKey = "X-Kolide-Presence-Detection-Interval"
 )
 
 type v2CmdRequestType struct {
 	Path            string
 	Body            []byte
+	Headers         map[string][]string
 	CallbackUrl     string
 	CallbackHeaders map[string][]string
 	AllowedOrigins  []string
@@ -285,6 +287,12 @@ func (e *kryptoEcMiddleware) Wrap(next http.Handler) http.Handler {
 			},
 		}
 
+		for h, vals := range cmdReq.Headers {
+			for _, v := range vals {
+				newReq.Header.Add(h, v)
+			}
+		}
+
 		newReq.Header.Set("Origin", r.Header.Get("Origin"))
 		newReq.Header.Set("Referer", r.Header.Get("Referer"))